[Samba] Problem joining windows clients to Samba AD

Léo dlopoel at gmail.com
Wed Aug 21 13:04:35 UTC 2024


> > ntlm auth = mschapv2-and-ntlmv2-only
>
> Why do you need the line above ?

This is part of security hardening, to prevent the use of the NTLMv1
authentication protocol (except for the MSCHAPv2 authentication scheme).

> > restrict anonymous = 2
> > disable netbios = yes
>
> I am not sure that is the correct way to do it on a DC, I do know that
> the 'nbt' server (the DC variant of nmbd) is running.

This is also part of the security hardening. Same for disabling
printing services, etc.

> There isn't anything there that should be stopping you joining
> computers, which sounds like a DNS problem, so I would start by
> checking your DNS.

Well, I checked all records from this list:
https://learn.microsoft.com/en-us/archive/technet-wiki/7608.srv-records-registered-by-net-logon
and all of them seem to be working.

Also, nltest /dnsgetdc:ad.example.com correctly fetches the two Samba
DCs, but nltest /dsgetdc:ad.example.com fails (0x54b
ERROR_NO_SUCH_DOMAIN), like in the logs of my first message. It is
as if Windows was not actually using DNS to find the domain, but I
think this is the default on recent editions, right?

> The other question I should have asked is, what are the Windows clients?

Clients are Windows Server 2022 or Windows 10.

> PS, please do not 'CC' me, just reply to the list.
Sorry about that :/


